From: Michael Altizer (mialtize) Date: Fri, 30 Sep 2016 18:32:18 +0000 (-0400) Subject: Merge pull request #649 in SNORT/snort3 from dce_includes to master X-Git-Tag: 3.0.0-233~247 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59377e79fc7f627b6477efc2ae456f1cff54a396;p=thirdparty%2Fsnort3.git Merge pull request #649 in SNORT/snort3 from dce_includes to master Squashed commit of the following: commit 5bf0a396155c01562d168fad34b7cff4f54e76f8 Author: Michael Altizer Date: Fri Sep 30 14:01:39 2016 -0400 dce_rpc: Clean up header inclusions --- diff --git a/src/service_inspectors/dce_rpc/dce_co.cc b/src/service_inspectors/dce_rpc/dce_co.cc index 1bae2dd26..145566217 100644 --- a/src/service_inspectors/dce_rpc/dce_co.cc +++ b/src/service_inspectors/dce_rpc/dce_co.cc @@ -20,17 +20,15 @@ // based on work by Todd Wease #include "dce_co.h" -#include "dce_tcp.h" + +#include "main/snort_debug.h" +#include "utils/util.h" + #include "dce_smb.h" -#include "dce_tcp_module.h" #include "dce_smb_module.h" -#include "dce_list.h" -#include "dce_utils.h" +#include "dce_tcp.h" +#include "dce_tcp_module.h" #include "dce_smb_utils.h" -#include "log/messages.h" -#include "main/snort_debug.h" -#include "utils/util.h" -#include THREAD_LOCAL int co_reassembled = 0; diff --git a/src/service_inspectors/dce_rpc/dce_co.h b/src/service_inspectors/dce_rpc/dce_co.h index 05e557f9c..23c95be5b 100644 --- a/src/service_inspectors/dce_rpc/dce_co.h +++ b/src/service_inspectors/dce_rpc/dce_co.h @@ -24,7 +24,6 @@ #include "dce_common.h" #include "dce_list.h" -#include "dce_utils.h" #define DCE2_CO_BAD_MAJOR_VERSION 27 #define DCE2_CO_BAD_MINOR_VERSION 28 diff --git a/src/service_inspectors/dce_rpc/dce_common.cc b/src/service_inspectors/dce_rpc/dce_common.cc index 41a5b32b0..a4b372907 100644 --- a/src/service_inspectors/dce_rpc/dce_common.cc +++ b/src/service_inspectors/dce_rpc/dce_common.cc 
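Review bot: The dce_co.h hunk removes the direct `#include "dce_utils.h"`, and the dce_common.h hunk in this commit removes it too, so any dce_utils.h declaration that dce_co.h uses now presumably reaches it only through `dce_list.h`, which this diff does not touch. If the header does name anything from dce_utils.h, keeping `#include "dce_utils.h"` there would leave it self-contained rather than dependent on an include chain that a later cleanup could break. The same applies to the dce_smb2.h, ips_dce_iface.cc and ips_dce_opnum.cc hunks, which also remove their direct include. Whether dce_list.h pulls in dce_utils.h is not visible here, so it is worth confirming by compiling each header on its own.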
@@ -19,24 +19,15 @@ // dce_common.cc author Rashmi Pitre #include "dce_common.h" -#include "dce_tcp.h" -#include "dce_smb.h" -#include "dce_co.h" -#include "dce_smb_utils.h" -#include "framework/base_api.h" -#include "framework/module.h" -#include "flow/flow.h" -#include "log/messages.h" -#include "main/snort_debug.h" + #include "detection/detect.h" #include "ips_options/extract.h" -#include "protocols/packet_manager.h" -#include "events/event_queue.h" -#include "framework/codec.h" -#include "main/snort.h" -#include "framework/endianness.h" +#include "log/messages.h" #include "utils/safec.h" +#include "dce_smb_utils.h" +#include "dce_tcp.h" + THREAD_LOCAL int dce2_detected = 0; THREAD_LOCAL DCE2_CStack* dce2_pkt_stack = nullptr; THREAD_LOCAL int dce2_inspector_instances = 0; diff --git a/src/service_inspectors/dce_rpc/dce_common.h b/src/service_inspectors/dce_rpc/dce_common.h index 6ec2f94c9..111cbff69 100644 --- a/src/service_inspectors/dce_rpc/dce_common.h +++ b/src/service_inspectors/dce_rpc/dce_common.h @@ -21,13 +21,12 @@ #ifndef DCE_COMMON_H #define DCE_COMMON_H -#include "dce_utils.h" -#include "dce_list.h" -#include "main/snort_types.h" -#include "framework/module.h" -#include "framework/inspector.h" -#include "protocols/packet.h" #include "events/event_queue.h" +#include "framework/counts.h" +#include "framework/value.h" +#include "protocols/packet.h" + +#include "dce_list.h" extern const InspectApi dce2_smb_api; extern const InspectApi dce2_tcp_api; diff --git a/src/service_inspectors/dce_rpc/dce_list.cc b/src/service_inspectors/dce_rpc/dce_list.cc index a7aaff805..b7adaaee1 100644 --- a/src/service_inspectors/dce_rpc/dce_list.cc +++ b/src/service_inspectors/dce_rpc/dce_list.cc 
@@ -26,10 +26,9 @@ ****************************************************************************/ #include "dce_list.h" -#include "dce_utils.h" -#include "utils/util.h" #include "main/snort_debug.h" +#include "utils/util.h" /******************************************************************** * Private function prototyes diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index 4c6f3127c..4d2522c46 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -19,17 +19,18 @@ // dce_smb.cc author Rashmi Pitre #include "dce_smb.h" -#include "dce_smb2.h" + +#include "detection/detect.h" +#include "file_api/file_service.h" +#include "protocols/packet.h" +#include "utils/util.h" + +#include "dce_smb_module.h" #include "dce_smb_utils.h" #include "dce_smb_paf.h" -#include "dce_smb_module.h" #include "dce_smb_commands.h" #include "dce_smb_transaction.h" -#include "dce_list.h" -#include "main/snort_debug.h" -#include "file_api/file_service.h" -#include "utils/util.h" -#include "detection/detect.h" +#include "dce_smb2.h" THREAD_LOCAL int dce2_smb_inspector_instances = 0; @@ -2232,7 +2233,7 @@ static void DCE2_Smb1Process(DCE2_SmbSsnData* ssd) } // This is the main entry point for SMB processing -void DCE2_SmbProcess(DCE2_SmbSsnData* ssd) +static void DCE2_SmbProcess(DCE2_SmbSsnData* ssd) { if (DCE2_GcIsLegacyMode((dce2SmbProtoConf*)ssd->sd.config)) { diff --git a/src/service_inspectors/dce_rpc/dce_smb.h b/src/service_inspectors/dce_rpc/dce_smb.h index 6c22ab3b0..53802955f 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.h +++ b/src/service_inspectors/dce_rpc/dce_smb.h 
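Review bot: In the dce_smb.cc hunk at line 2232, `DCE2_SmbProcess` becomes `static`, but the comment above it still describes it as the main entry point for SMB processing, which now reads as if it were a public interface. I would reword it to something like `// Main SMB processing routine (file-local)`. The dce_smb.h hunk in this commit touches only the include block, so please confirm that no non-static prototype for this function remains in a header, because a `static` definition after an extern declaration will not compile in C++. The same check applies to `DCE2_ClCleanTracker` in the dce_udp.cc hunk, where the dce_udp.h hunk likewise changes only includes. Both function bodies continue outside their hunks.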
@@ -22,11 +22,11 @@ #ifndef DCE_SMB_H #define DCE_SMB_H -#include "dce_common.h" -#include "dce_co.h" -#include "protocols/packet.h" -#include "profiler/profiler.h" #include "framework/counts.h" +#include "protocols/packet.h" +#include "profiler/profiler_defs.h" + +#include "dce_co.h" #define DCE2_SMB_NAME "dce_smb" #define DCE2_SMB_HELP "dce over smb inspection" diff --git a/src/service_inspectors/dce_rpc/dce_smb2.cc b/src/service_inspectors/dce_rpc/dce_smb2.cc index 51e1a344a..0aff359b3 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.cc +++ b/src/service_inspectors/dce_rpc/dce_smb2.cc @@ -20,13 +20,13 @@ // Author(s): Hui Cao #include "dce_smb2.h" -#include "dce_list.h" -#include "dce_smb_module.h" -#include "dce_smb_utils.h" + #include "detection/detection_util.h" -#include "main/snort_debug.h" #include "file_api/file_flows.h" +#include "dce_smb_module.h" +#include "dce_smb_utils.h" + #define UNKNOWN_FILE_SIZE ~0 // FIXIT-L port fileCache related code along with diff --git a/src/service_inspectors/dce_rpc/dce_smb2.h b/src/service_inspectors/dce_rpc/dce_smb2.h index 70e63fff3..2848fbcf3 100644 --- a/src/service_inspectors/dce_rpc/dce_smb2.h +++ b/src/service_inspectors/dce_rpc/dce_smb2.h @@ -23,7 +23,6 @@ #define _DCE_SMB2_H_ #include "dce_smb.h" -#include "dce_utils.h" #define SMB2_FLAGS_ASYNC_COMMAND 0x00000002 diff --git a/src/service_inspectors/dce_rpc/dce_smb_commands.cc b/src/service_inspectors/dce_rpc/dce_smb_commands.cc index be047ad7e..b76167b80 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_commands.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_commands.cc @@ -22,12 +22,12 @@ // Smb commands processing #include "dce_smb_commands.h" -#include "dce_smb_transaction_utils.h" -#include "dce_smb_module.h" #include "main/snort_debug.h" #include "utils/util.h" -#include "detection/detect.h" + +#include "dce_smb_module.h" +#include "dce_smb_transaction_utils.h" #define SMB_DIALECT_NT_LM_012 "NT LM 0.12" // NT LAN Manager 
diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc index 848cb95bf..cb37b4970 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc @@ -19,12 +19,11 @@ // dce_smb_module.cc author Rashmi Pitre #include "dce_smb_module.h" -#include "dce_smb.h" -#include "dce_common.h" -#include "dce_co.h" #include "main/snort_config.h" +#include "dce_smb.h" + using namespace std; static const PegInfo dce2_smb_pegs[] = diff --git a/src/service_inspectors/dce_rpc/dce_smb_paf.cc b/src/service_inspectors/dce_rpc/dce_smb_paf.cc index fdf441629..c604ce06f 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_paf.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_paf.cc @@ -20,10 +20,10 @@ // based on work by Todd Wease #include "dce_smb_paf.h" -#include "dce_smb.h" -#include "dce_common.h" + #include "main/snort_debug.h" -#include "protocols/packet.h" + +#include "dce_smb.h" /********************************************************************* * Function: DCE2_PafSmbIsValidNetbiosHdr() diff --git a/src/service_inspectors/dce_rpc/dce_smb_paf.h b/src/service_inspectors/dce_rpc/dce_smb_paf.h index ba5f16f72..2cfa435c2 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_paf.h +++ b/src/service_inspectors/dce_rpc/dce_smb_paf.h @@ -22,7 +22,6 @@ #ifndef DCE_SMB_PAF_H #define DCE_SMB_PAF_H -#include "main/snort_types.h" #include "stream/stream_splitter.h" #define DCE2_SMB_PAF_SHIFT(x64, x8) { x64 <<= 8; x64 |= (uint64_t)x8; } diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc index 1b012d464..bb76165b2 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc 
@@ -22,13 +22,10 @@ // Smb transaction commands processing #include "dce_smb_transaction.h" -#include "dce_smb_transaction_utils.h" -#include "dce_smb_utils.h" -#include "dce_smb_module.h" #include "main/snort_debug.h" -#include "utils/util.h" -#include "detection/detect.h" + +#include "dce_smb_transaction_utils.h" #define DCE2_SMB_TRANS__NONE 0x00 #define DCE2_SMB_TRANS__DATA 0x01 diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc index 1079da4ff..cd4dcf5b9 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction_utils.cc @@ -21,13 +21,9 @@ // Smb transaction commands utils -#include "dce_smb.h" -#include "dce_utils.h" -#include "dce_smb_module.h" +#include "dce_smb_transaction_utils.h" #include "main/snort_debug.h" -#include "utils/util.h" -#include "detection/detect.h" #define TRANS_NM_PIPE_0 (0) #define TRANS_NM_PIPE_1 (TRANS_NM_PIPE_0+7) diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc index bb3d24441..93aaa608a 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc @@ -19,16 +19,13 @@ // dce_smb_utils.cc author Maya Dagon // based on work by Todd Wease -#include "dce_smb.h" #include "dce_smb_utils.h" -#include "dce_smb_module.h" -#include "dce_list.h" -#include "main/snort_debug.h" -#include "utils/util.h" -#include "detection/detect.h" -#include "file_api/file_api.h" -#include "file_api/file_flows.h" + #include "detection/detection_util.h" +#include "file_api/file_flows.h" +#include "utils/util.h" + +#include "dce_smb_module.h" /******************************************************************** * Private function prototypes diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc index 45c7828d3..1e54c2fb9 100644 
--- a/src/service_inspectors/dce_rpc/dce_tcp.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp.cc @@ -20,15 +20,13 @@ // based on work by Todd Wease #include "dce_tcp.h" -#include "dce_tcp_paf.h" -#include "dce_tcp_module.h" -#include "dce_co.h" -#include "main/snort_debug.h" + #include "detection/detect.h" -#include "log/messages.h" -#include "protocols/packet_manager.h" #include "utils/util.h" +#include "dce_tcp_module.h" +#include "dce_tcp_paf.h" + Dce2TcpFlowData::Dce2TcpFlowData() : FlowData(flow_id) { } diff --git a/src/service_inspectors/dce_rpc/dce_tcp.h b/src/service_inspectors/dce_rpc/dce_tcp.h index a4b9159e2..036ac7c38 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.h +++ b/src/service_inspectors/dce_rpc/dce_tcp.h @@ -22,10 +22,9 @@ #ifndef DCE_TCP_H #define DCE_TCP_H +#include "profiler/profiler_defs.h" + #include "dce_co.h" -#include "protocols/packet.h" -#include "profiler/profiler.h" -#include "framework/counts.h" #define DCE2_TCP_NAME "dce_tcp" #define DCE2_TCP_HELP "dce over tcp inspection" diff --git a/src/service_inspectors/dce_rpc/dce_tcp_module.cc b/src/service_inspectors/dce_rpc/dce_tcp_module.cc index 30f82d57b..f892185b5 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp_module.cc @@ -19,10 +19,10 @@ // dce_tcp_module.cc author Rashmi Pitre #include "dce_tcp_module.h" + +#include "log/messages.h" + #include "dce_tcp.h" -#include "dce_common.h" -#include "main/snort_config.h" -#include "dce_co.h" using namespace std; diff --git a/src/service_inspectors/dce_rpc/dce_tcp_paf.cc b/src/service_inspectors/dce_rpc/dce_tcp_paf.cc index 24f098a5f..e2c045406 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_paf.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp_paf.cc 
@@ -20,10 +20,11 @@ // based on work by Todd Wease #include "dce_tcp_paf.h" -#include "dce_tcp.h" -#include "dce_common.h" + #include "main/snort_debug.h" +#include "dce_tcp.h" + /********************************************************************* * Function: dce2_tcp_paf() * diff --git a/src/service_inspectors/dce_rpc/dce_tcp_paf.h b/src/service_inspectors/dce_rpc/dce_tcp_paf.h index 9f6c775af..315833b9a 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp_paf.h +++ b/src/service_inspectors/dce_rpc/dce_tcp_paf.h @@ -23,7 +23,6 @@ #define DCE_TCP_PAF_H #include "dce_common.h" -#include "main/snort_types.h" #include "stream/stream_splitter.h" #define DCE2_DEBUG__PAF_START_MSG_TCP "DCE/RPC over TCP PAF =====================================" diff --git a/src/service_inspectors/dce_rpc/dce_udp.cc b/src/service_inspectors/dce_rpc/dce_udp.cc index 984561e04..284e3c176 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.cc +++ b/src/service_inspectors/dce_rpc/dce_udp.cc @@ -20,12 +20,10 @@ // based on work by Todd Wease #include "dce_udp.h" -#include "dce_udp_module.h" -#include "main/snort_debug.h" + #include "detection/detect.h" -#include "log/messages.h" -#include "protocols/packet_manager.h" -#include "utils/util.h" + +#include "dce_udp_module.h" THREAD_LOCAL int dce2_udp_inspector_instances = 0; @@ -40,7 +38,7 @@ THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_acts; THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_frag; THREAD_LOCAL ProfileStats dce2_udp_pstat_cl_reass; -void DCE2_ClCleanTracker(DCE2_ClTracker* clt) +static void DCE2_ClCleanTracker(DCE2_ClTracker* clt) { if (clt == nullptr) return; diff --git a/src/service_inspectors/dce_rpc/dce_udp.h b/src/service_inspectors/dce_rpc/dce_udp.h index c084c16dd..bfefeafa1 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.h +++ b/src/service_inspectors/dce_rpc/dce_udp.h 
@@ -22,11 +22,9 @@ #ifndef DCE_UDP_H #define DCE_UDP_H +#include "profiler/profiler_defs.h" + #include "dce_common.h" -#include "dce_list.h" -#include "protocols/packet.h" -#include "profiler/profiler.h" -#include "framework/counts.h" #define DCE2_UDP_NAME "dce_udp" #define DCE2_UDP_HELP "dce over udp inspection" diff --git a/src/service_inspectors/dce_rpc/dce_udp_module.cc b/src/service_inspectors/dce_rpc/dce_udp_module.cc index a21ad4a52..7e56fe4e1 100644 --- a/src/service_inspectors/dce_rpc/dce_udp_module.cc +++ b/src/service_inspectors/dce_rpc/dce_udp_module.cc @@ -19,9 +19,10 @@ // dce_udp_module.cc author Maya Dagon #include "dce_udp_module.h" + +#include "log/messages.h" + #include "dce_udp.h" -#include "dce_common.h" -#include "main/snort_config.h" using namespace std; diff --git a/src/service_inspectors/dce_rpc/dce_utils.cc b/src/service_inspectors/dce_rpc/dce_utils.cc index 2dc5f2be4..e971dd65c 100644 --- a/src/service_inspectors/dce_rpc/dce_utils.cc +++ b/src/service_inspectors/dce_rpc/dce_utils.cc @@ -18,6 +18,7 @@ //-------------------------------------------------------------------------- #include "dce_utils.h" + #include "main/snort_debug.h" #include "utils/util.h" #include "utils/safec.h" diff --git a/src/service_inspectors/dce_rpc/dce_utils.h b/src/service_inspectors/dce_rpc/dce_utils.h index 92d0bc374..13b698c9a 100644 --- a/src/service_inspectors/dce_rpc/dce_utils.h +++ b/src/service_inspectors/dce_rpc/dce_utils.h @@ -21,8 +21,8 @@ #define DCE_UTILS_H #include +#include #include "main/snort_types.h" -#include "utils/util.h" /******************************************************************** * Macros diff --git a/src/service_inspectors/dce_rpc/ips_dce_iface.cc b/src/service_inspectors/dce_rpc/ips_dce_iface.cc index 72aca4631..c947531d8 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_iface.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_iface.cc 
@@ -19,21 +19,18 @@ // ips_dce_iface.cc author Maya Dagon // based on work by Todd Wease -#include "dce_utils.h" -#include "dce_common.h" #include -#include "framework/ips_option.h" -#include "framework/module.h" -#include "framework/parameter.h" -#include "framework/range.h" -#include "detection/detect.h" #include "detection/detection_defines.h" #include "detection/pattern_match_data.h" -#include "hash/sfhashfcn.h" +#include "framework/module.h" +#include "framework/ips_option.h" +#include "framework/range.h" #include "profiler/profiler.h" #include "target_based/snort_protocols.h" -#include "main/snort_debug.h" +#include "utils/util.h" + +#include "dce_common.h" //------------------------------------------------------------------------- // dcerpc2 interface rule options diff --git a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc index a8e7950e7..f97563db4 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc @@ -19,18 +19,13 @@ // ips_dce_opnum.cc author Maya Dagon // based on work by Todd Wease -#include "dce_utils.h" -#include "dce_common.h" - +#include "detection/detection_defines.h" #include "framework/ips_option.h" #include "framework/module.h" -#include "framework/parameter.h" -#include "detection/detection_defines.h" -#include "hash/sfhashfcn.h" #include "profiler/profiler.h" -#include "protocols/packet.h" #include "utils/util.h" -#include "log/messages.h" + +#include "dce_common.h" //------------------------------------------------------------------------- // dcerpc2 opnum rule options diff --git a/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc b/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc index 3edcb32c5..c1ed87261 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_stub_data.cc 
@@ -19,16 +19,14 @@ // ips_dce_stub_data.cc author Maya Dagon // based on work by Todd Wease -#include "dce_common.h" - #include "detection/detection_defines.h" #include "framework/cursor.h" #include "framework/ips_option.h" #include "framework/module.h" -#include "hash/sfhashfcn.h" -#include "protocols/packet.h" #include "profiler/profiler.h" +#include "dce_common.h" + #define s_name "dce_stub_data" #define s_help \ "sets the cursor to dcerpc stub data"